On Apr 26, 2014, at 14:27 , Jeffrey Walton <[email protected]> wrote: > On Tuesday, April 22, 2014 5:12:37 AM UTC-4, steven m wrote: > > I am working on a home project and I wanted to implement an authenticated > ephemeral key exchange using Elliptic curves. I first thought about > Station-to-Station with EC protocol, but it does not seem to be available in > crypto++. The ECDH does not offer authentication, ECMQV seems to be broken > and fixed with FHMQV. > > But does FHMQV work with elliptic curves? Can it offer forward secrecy? Are > they any know weakness to this algorithm? Would FHMQV be my best choice for > an authenticated ephemeral key exchange using Elliptic curves? > > In addition to Mouse's answer, ECDHE/ECDSA and ECDHE/RSA work well too. TLS > uses both, and both are available in Crypto++.
The problem with ECDHE (like that of ECDH) is its lack of authentication. The problem with ECDHE/ECDSA is the extra performance hit taken by ECDSA signing and signature verification. The problem with FHMQV is patents. Pick your poison. :) P.S. Jeffrey's FHMQV Crypto++ code works very well. :) -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
